Quoting "W.C.A. Wijngaards" <[email protected]>:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Unbound 1.4.7 is available. You can find it here:
unbound.net/downloads/unbound-1.4.7rc1.tar.gz
sha1 eb062726e074ebb0e7d64e31495db693defc6a9f
sha256 f04944d10c65a548eb6a5ff17715283d9315d9a6c5585248e90384f10aee5748

There are some bugfixes since 1.4.7rc1, which do not affect the build process, that are in release 1.4.7.

New dependency on libexpat (for parsing xml in unbound-anchor: tool to get the DNSSEC root key). Also, GOST is enabled by default, and errors if not supported. And ldns if not recent enough there is a configure error (you can use the builtin or 1.6.7).

Is GOST a supported cipher for DNSSEC or will it be some time in the future? As far as I can see it is only available in openssl 1.x or newer and for the next few years this will probably not be the standard on Unix. So most of us have to use "--disable-gost" anyway...
If you want to create a package with DNSSEC support then unbound-anchor is a tool that you can use. It contains a copy of the root key DS, and a certificate to update it, it does RFC5011 tracking and https fetches to keep the DNSSEC root anchor updated. Just put a line in unbound.conf and run it before you start unbound, thus, you may want to review your rc.init scripts. You can audit the included keys with unbound-anchor -l (or override with commandline options and it is open source). There are also some nice bugfixes in 1.4.7 :-) Here is a long, detailed, list:
Thanks, I will try it out.

Regards

Andreas

_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
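
A sketch of the rc-script step described in the quoted message (run unbound-anchor, then start unbound), added here as an example; it is not part of the thread or of the Unbound distribution. The `auto-trust-anchor-file` line, the key path, the function names and the overridable command variables are assumptions.

```shell
#!/bin/sh
# Added example: rc-script helper, not from the Unbound distribution.
# Assumed unbound.conf line (inside "server:"); the path is a placeholder:
#   auto-trust-anchor-file: "/var/lib/unbound/root.key"

ANCHOR_FILE="${ANCHOR_FILE:-/var/lib/unbound/root.key}"  # placeholder path
UNBOUND_ANCHOR="${UNBOUND_ANCHOR:-unbound-anchor}"       # overridable (hypothetical knob)
UNBOUND="${UNBOUND:-unbound}"                            # overridable (hypothetical knob)

# Refresh the root trust anchor, then sanity-check the file on disk.
# Success is judged by the resulting file, not by the tool's exit status.
# Returns: 0 ok, 1 missing/empty, 2 no root key record, 3 loose permissions.
refresh_anchor() {
    file="$1"
    "$UNBOUND_ANCHOR" -a "$file" || true

    # The anchor file must exist and be non-empty.
    [ -s "$file" ] || {
        echo "anchor file missing or empty: $file" >&2; return 1; }

    # It must hold at least one DNSKEY or DS record owned by the root (".").
    grep -Eq '^\.[[:space:]]+(.*[[:space:]])?(DNSKEY|DS)[[:space:]]' "$file" || {
        echo "no root DNSKEY/DS record in $file" >&2; return 2; }

    # A trust anchor writable by group or others can be replaced by
    # any local account in that set, so refuse to start with it.
    [ -z "$(find "$file" \( -perm -020 -o -perm -002 \) -print)" ] || {
        echo "anchor file is group/world writable: $file" >&2; return 3; }
    return 0
}

# Start unbound only when the trust anchor passed the checks above.
start_unbound() {
    refresh_anchor "$ANCHOR_FILE" || return 1
    "$UNBOUND"
}

# In the rc script's "start" action, call: start_unbound
```

The built-in keys that unbound-anchor falls back on can be reviewed beforehand with `unbound-anchor -l`, as the quoted message notes.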
